Evaluating modern intrusion detection methods in the face of Gen V multi-vector attacks with fuzzy AHP-TOPSIS

The persistent evolution of cyber threats has given rise to Gen V Multi-Vector Attacks, complex and sophisticated strategies that challenge traditional security measures. This research provides a complete investigation of recent intrusion detection systems designed to mitigate the consequences of Gen V Multi-Vector Attacks. Using the Fuzzy Analytic Hierarchy Process (AHP) and the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS), we evaluate the efficacy of several different intrusion detection techniques in adjusting to the dynamic nature of sophisticated cyber threats. The study offers an integrated analysis, taking into account criteria such as detection accuracy, adaptability, scalability, resource effect, response time, and automation. Fuzzy AHP is employed to establish priority weights for each factor, reflecting the nuanced nature of security assessments. Subsequently, TOPSIS is employed to rank the intrusion detection methods based on their overall performance. Our findings highlight the importance of behavioral analysis, threat intelligence integration, and dynamic threat modeling in enhancing detection accuracy and adaptability. Furthermore, considerations of resource impact, scalability, and efficient response mechanisms are crucial for sustaining effective defense against Gen V Multi-Vector Attacks. The integrated approach of Fuzzy AHP and TOPSIS presents a strong and adaptable strategy for decision-makers to manage the difficulties of evaluating intrusion detection techniques. This study adds to the ongoing discussion about cybersecurity by providing insights on the positive and negative aspects of existing intrusion detection systems in the context of developing cyber threats. The findings help organizations choose and execute intrusion detection technologies that are not only effective against existing attacks, but also adaptive to future concerns provided by Gen V Multi-Vector Attacks.


Introduction
In the age of extraordinary technological communication, the persistent threat of cyber-attacks looms large, with the potential to cause immense damage to organisations.The ramifications go beyond just disrupting services; they include erosion of confidence in society, exposure of important information, and significant challenges to corporate existence.The cyber threat ecosystem is dynamic, always evolving to exploit new weaknesses and adapt to the ever-changing technical environment.The emergence of new innovations, especially the Internet of Things (IoT), and broad usage of information communication technology have resulted in significantly greater issues related to cybersecurity.Website hacks, credit card information vandalism, and unlawful financial activities via online banking have all become almost regular.However, the current increase in attacks using IoT devices to launch huge Distributed Denial of Service (DDoS) attacks on vital infrastructure highlights the growing complexity and seriousness of cyber threats [1][2][3].
As industries and production facilities grow more networked, the chance of cyber assaults on industrial facilities and infrastructure has grown to new heights.The emergence of Industry 4.0 capabilities has provided new opportunities for attackers, jeopardising operational continuity as well as the integrity of sensitive information.As a result, protecting against cyber threats has become more important than ever before.DDoS attacks, a common type of cyber assault, demonstrate their effectiveness by leveraging networks of exploited computer systems, resulting in a massive amount of attack traffic.The assault orchestration makes use of malware-infected computers and IoT devices, which constitute a botnet.These botnets, which are remotely operated by attackers, may take over a target's server or network, causing a denial of service to genuine traffic.Gen V attacks, characterized by their capacity to cause extensive data breaches and service destruction (DeOS), represent a paradigm shift in the severity and sophistication of cyber threats [4][5][6].
The advancement of cyber security prevention across successive generations indicates the increasing sophistication of cyber threats and the matching modifications in defence systems.During Generation I, which was characterised by smart pranksters, the emphasis was on preventing virus attacks on stand-alone PCs by developing anti-virus software.Generation II witnessed the rise of organised hackers who engaged in cybercrime for monetary advantage.This encouraged the development of firewalls as well as intrusion detection systems (IDS) to protect an increasingly internet-dependent environment.Generation III represented a transition when attackers began exploiting vulnerabilities in IT infrastructure, ushering in the era of patchwork security solutions.Businesses struggled with the limitations of traditional security measures, and intrusion prevention systems (IPS) became critical.In Generation IV, cyberattacks reached new levels of sophistication, requiring creative approaches [7,8].Check Point replied by introducing anti-bot as well as sandboxing tools to combat previously undiscovered and polymorphic assaults.Generation V marks a paradigm shift with the release of powerful hacking tools that enable large-scale, multi-vector mega assaults.The conventional method security structures demonstrated inadequate, prompting Check Point to create a unified architecture that included sophisticated threat prevention solutions designed for sharing and protecting threat intelligence in real time across virtual scenarios, cloud-based systems, terminals, remote offices, as well as mobile devices.This progression emphasises the importance of integrated and unified safety precautions in countering the fifth generation's quick and stealthy attacks [9][10][11].
The continuous development of cyber threats has forced a corresponding evolution in security measures, resulting in unique generational transitions in the environment of cyber attacks and defence systems.As the globe grows more interconnected through networking as well as the internet, the vast connectedness that has united individuals, governments, and corporations has also created a fertile ground for malevolent actors to exploit.From the early days of curious hackers to the current era characterised by corporate and state-sponsored surveillance, as well as organised cybercrime, each step forward in the arena of malevolent activities has served as a stimulus for concurrent developments in IT security.This interwoven evolution demonstrates the dynamic and symbiotic interaction between cyber threats and the countermeasures developed to combat them.The ongoing challenge is to adapt security strategies in response to the evolving tactics of malicious actors, ensuring that defense mechanisms remain robust and resilient in the face of an ever-shifting cyber threat landscape [12][13][14].Fig 1 illustrates the evolution of cyber security attacks across different generations.It provides a visual representation of the progression from early-stage pranks to sophisticated, multi-vector threats in Generation V.
This research paper seeks to delve into the evaluation of modern intrusion detection methods in the face of Gen V Multi-Vector Attacks, utilizing the Fuzzy Analytic Hierarchy Process (AHP) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS).By scrutinizing the nuances of detection accuracy, adaptability, scalability, resource impact, response time, and automation, the study aims to contribute insights that are instrumental in fortifying organizations against the relentless and evolving nature of contemporary cyber threats.The symbiotic relationship between the progression of cyber threats and advancements in cybersecurity underscores the imperative nature of ongoing research and development in the realm of information security.

Related works
Numerous research have made major contributions to the field of intrusion detection and information security risk assessment (RA), adopting various approaches to address the everchanging spectrum of cyber threats.Ak and Gul [15] pioneered a revolutionary RA approach that combines the Analytic Hierarchy Process (AHP) and Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) with Pythagorean fuzzy sets.Their strategy, which was tested in a case study in the corrugated cardboard industry, revealed the efficacy of Pythagorean fuzzy numbers for dealing with uncertainties and produced encouraging outcomes when compared to three other ways.Dimolianis et al. [16] proposed a non-proprietary approach for minimising multi-vector anomalies in enterprise networks through the distribution of Access Control Rules.Validated through a proof-of-concept prototype, their approach showcased effectiveness in mitigating realistic multi-vector attack scenarios by utilizing a distributed, defense-stage-oriented mechanism.
Giotis et al. [17] explored the utilization of OpenFlow middleboxes to enhance black hole routing and mitigate DDoS attacks.Their modular architecture, leveraging software-defined networking, was validated through real DDoS attack traces, demonstrating scalability and efficiency.Moyers et al. [18] introduced the Multi-Vector Portable Intrusion Detection System (MVP-IDS), extending the Battery-Sensing Intrusion Protection System (B-SIPS).The study illustrated how combining a low-overhead tripwire with advanced detection mechanisms proved effective in safeguarding limited-resource wireless information technology devices.
Alyami et al. [19] employed a fuzzy Analytical Hierarchy Process (AHP) and fuzzy TOPSIS to evaluate popular intrusion detection systems (IDSs).The findings highlighted Suricata's substantial advantage over Snort, emphasizing the significance of multi-threading functionality.Almotiri [20] utilized Fuzzy AHP for assessing traffic detection approaches, addressing vagueness and uncertainties.The study provided conclusive evaluations, offering practitioners insights into selecting effective traffic detection approaches.
Wang et al. [21] presented an Identified Security Attributes (ISA) framework for IoHT device evaluation using AHP and TOPSIS.Their outcomes showcased the framework's efficacy in selecting reliable and secure alternatives among IoMT systems.Alharbi et al. [22] conducted an idealness assessment of machine learning-based IDS under hesitant fuzzy conditions, utilizing AHP and TOPSIS.Their approach assists machine learning practitioners in selecting and prioritizing attributes for intrusion detection systems.Kumar et al. [23] integrated Fuzzy AHP and Fuzzy TOPSIS to evaluate malware analysis techniques in a web application perspective, demonstrating the efficiency of the Reverse Engineering approach.Ahvanooey et al. [24] proposed an assessment model (AFPr-AM) for mitigating privacy invasion risks on SMPs, utilizing fuzzy AHP and cooperative game theory-based decisionmaking.
Lastly, Abdel-Basset et al. [25] employed q-rung orthopair fuzzy sets in a multi-criteria decision-making (MCDM) approach to assess IDSs.The study addressed ambiguity and uncertainty, showcasing the potential of various systems, with Suricata identified as the bestperforming IDS.Collectively, these studies provide a comprehensive understanding of diverse approaches in intrusion detection and information security risk assessment, contributing valuable insights to the cybersecurity landscape.Table 1 presents a comparative analysis of various studies.It offers a comprehensive overview of different research approaches, highlighting their methodologies, primary focus areas, and key discoveries.
This research work contributes significantly to the field of intrusion detection and information security risk assessment by providing a comprehensive meta-analysis of related works.The highlighted studies cover diverse methodologies, including AHP, TOPSIS, Fuzzy AHP, Fuzzy TOPSIS, OpenFlow, and cooperative game theory-based decision-making.The focal areas include risk assessment, multi-vector anomaly mitigation, DDoS attack mitigation, intrusion detection, security features evaluation, malware analysis impact assessment, privacy invasion risk assessment on social media, and the assessment of machine learning-based IDSs.
The contributions of this research paper are multifold: 1. Integration of Diverse Methodologies: The paper synthesizes studies employing various methodologies, offering a comprehensive overview of the approaches used in the domain.

Insights into Security Challenges:
The meta-analysis sheds light on different security challenges, such as risk assessment, intrusion detection, DDoS attack mitigation, and privacy concerns on social media platforms.

Assessment of intrusion detection systems (IDSs)
Applied q-rung orthopair fuzzy sets and q-ROFWG for assessing IDSs under ambiguous and uncertain criteria.Combined entropy method and compromised solution method for evaluating IDSs' effectiveness and reliability.Identified Suricata as the best-performing IDS.Contribution towards addressing ambiguity and uncertainty in IDS assessment. https://doi.org/10.1371/journal.pone.0302559.t001 3. Identification of Effective Approaches: By summarizing key findings, the research work distills crucial insights from diverse methodologies, paving the way for a unified and comprehensive evaluation framework to address the gaps in existing intrusion detection studies.The proposed approach integrates Fuzzy AHP and TOPSIS methods, offering a holistic assessment tool for enhancing cybersecurity defenses against Gen V Multi-Vector Attacks.
The identified research gap in the existing literature pertains to the need for a comprehensive and integrated evaluation framework for modern intrusion detection methods specifically tailored to address the challenges posed by Gen V Multi-Vector Attacks.While prior research has explored various methodologies, such as AHP, TOPSIS, and fuzzy logic, applied to specific aspects of cybersecurity, there is a scarcity of studies that holistically assess intrusion detection techniques considering factors like detection accuracy, adaptability, scalability, resource impact, response time, and automation in the context of Gen V Multi-Vector Attacks.This research work aims to fill this gap by introducing a novel approach that integrates the Fuzzy Analytic Hierarchy Process (AHP) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) methods.By applying this integrated methodology, the study will provide a nuanced and comprehensive evaluation of modern intrusion detection techniques, offering insights into their strengths and weaknesses against the evolving landscape of sophisticated and multifaceted Gen V Multi-Vector Attacks.The proposed framework is designed to address the limitations of existing research, providing a more holistic and adaptable assessment tool for organizations seeking to bolster their cybersecurity defenses.

Proposed methodology
The proposed methodology for this research endeavors to employ a robust and integrated framework for evaluating modern intrusion detection methods in the face of Gen V Multi-Vector Attacks.The approach centers on the synthesis of the Fuzzy Analytic Hierarchy Process (AHP) and the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) [26][27][28].The Fuzzy AHP will be utilized to assign priority weights to various factors critical in the assessment, accounting for the nuanced and imprecise nature of security evaluations.This includes factors such as detection accuracy, adaptability, scalability, resource impact, response time, and automation.Subsequently, the TOPSIS method will be applied to rank the intrusion detection methods based on the aggregated performance across these factors.This integrated methodology is designed to offer a comprehensive and flexible assessment tool, capable of accommodating the complex and dynamic challenges posed by Gen V Multi-Vector Attacks.The utilization of fuzzy logic in decision-making allows for a more realistic and adaptable evaluation, ensuring that the proposed framework aligns with the intricacies inherent in contemporary cybersecurity landscapes.The methodology aims to deliver a nuanced understanding of the effectiveness of intrusion detection methods, facilitating informed decision-making for organizations seeking to fortify their security posture.

Creation of a hierarchical model for assessment
The development of a hierarchical model for the evaluation of intrusion detection methods against Gen V Multi-Vector Attacks is a critical aspect of this research.In crafting this model, the intricate nature of modern cybersecurity challenges is systematically broken down into a structured hierarchy.At the pinnacle of the hierarchy lies the overarching goal of identifying effective intrusion detection methods.This goal is then subdivided into a set of intermediate criteria that encapsulate essential aspects such as detection accuracy, adaptability, scalability, resource impact, response time, and automation.Each of these intermediate criteria is further decomposed into specific sub-criteria that capture nuanced dimensions of performance [29,30].
To construct this hierarchical model, extensive collaboration with cybersecurity experts is undertaken, gathering their insights to delineate the relationships and dependencies among the criteria and sub-criteria.The model aims to be comprehensive, encompassing the multifaceted nature of Gen V Multi-Vector Attacks and the diverse requirements placed on intrusion detection methods.
Incorporating a fuzzy approach into the hierarchical model is pivotal.Fuzzy logic allows for the representation of uncertainties and imprecise information that often characterizes realworld cybersecurity scenarios.Triangular fuzzy numbers (TFN) play a crucial role in translating linguistic variables, expressed by experts, into a quantitative format.This fuzzy representation acknowledges the inherent vagueness in expert opinions and contributes to a more realistic and adaptable evaluation.
The hierarchical model's strength lies in its ability to provide a holistic and granular assessment.It allows for the integration of diverse criteria and sub-criteria, ensuring that the evaluation captures the intricacies of modern intrusion detection challenges.This model serves as the foundation for applying the Fuzzy Analytic Hierarchy Process (Fuzzy AHP) and the Fuzzy Technique for Order of Preference by Similarity to Ideal Solution (Fuzzy TOPSIS) methodologies, facilitating a rigorous and nuanced evaluation of alternative intrusion detection methods within the context of Gen V Multi-Vector Attacks.
In the ever-evolving landscape of cybersecurity, combating Gen V Multi-Vector Attacks demands innovative and adaptive intrusion detection techniques.This section introduces five cutting-edge intrusion detection methods designed to confront the sophisticated challenges posed by Gen V Multi-Vector Attacks.These techniques represent the forefront of cyber defense, each leveraging advanced technologies and methodologies to detect and mitigate complex threats.From machine learning-driven anomaly detection to behavior-based heuristics, the following exploration provides an overview of these modern intrusion detection approaches, shedding light on their capabilities and contributions in the ongoing battle against the intricate and multi-faceted nature of Gen V Multi-Vector Attacks.

Deception technology.
Deception technology stands as a strategic and proactive approach in the realm of modern intrusion detection, especially when facing the complex challenges of Gen V Multi-Vector Attacks.Unlike traditional methods that primarily focus on identifying and blocking malicious activities, deception technology takes a different route by actively deceiving adversaries.This technique involves the deployment of decoy systems, false data, and misleading network resources, creating a virtual minefield for potential attackers.The objective is to divert and mislead adversaries, luring them away from genuine assets and activities while allowing security teams to observe and analyze their behavior.Deception technology operates on the premise that attackers are likely to encounter deceptive elements, triggering alerts when they interact with these decoys.This proactive and deceptive approach not only provides an early warning system but also buys valuable time for cybersecurity professionals to respond effectively and gather intelligence on emerging threats.In the context of Gen V Multi-Vector Attacks, where adversaries employ sophisticated tactics, leveraging deception technology adds a layer of unpredictability and complexity to the defense strategy, making it a formidable tool in the cybersecurity arsenal [31][32][33].
3.1.2Behavioral analysis and anomaly detection.Behavioral analysis and anomaly detection represent a dynamic and sophisticated intrusion detection technique designed to combat the intricate challenges posed by Gen V Multi-Vector Attacks.Unlike traditional methods that rely on static signatures to identify known threats, behavioral analysis focuses on understanding the normal patterns of system and user behavior [34,35].This approach involves continuous monitoring of network entities, users, and devices to establish a baseline of typical activities.Deviations from this baseline, which may indicate abnormal or suspicious behavior, trigger alerts for further investigation.Anomaly detection leverages advanced machine learning algorithms to adapt and evolve with the changing threat landscape.These algorithms analyze large datasets to identify patterns, learn normal behaviors, and subsequently detect deviations that might signify a security threat.By scrutinizing user interactions, network traffic, and system activities, behavioral analysis and anomaly detection can uncover subtle, previously unknown attack vectors, making them well-suited for the detection of sophisticated Gen V Multi-Vector Attacks.This approach not only enhances the detection of novel threats but also minimizes false positives, providing a crucial layer of defense in the rapidly evolving landscape of cybersecurity.
3.1.3Threat intelligence integration.Threat intelligence integration is a pivotal component of modern intrusion detection strategies, especially when confronting the intricate challenges presented by Gen V Multi-Vector Attacks.This approach involves the systematic incorporation of real-time and curated threat intelligence feeds into the detection and response mechanisms of cybersecurity systems.By assimilating up-to-the-minute information on emerging threats, attack techniques, and malicious entities, organizations can enhance their ability to recognize and counteract sophisticated threats.Threat intelligence encompasses a diverse range of data, including indicators of compromise (IoCs), tactics, techniques, and procedures (TTPs) employed by threat actors, and contextual information about specific threats.The integration of this intelligence into intrusion detection systems enables proactive defense, allowing organizations to stay ahead of evolving attack methodologies.It enables security teams to correlate observed activities with known threat indicators, facilitating early detection and response.In the context of Gen V Multi-Vector Attacks, where threat actors continuously adapt their strategies, the integration of threat intelligence becomes a strategic asset, empowering organizations to fortify their defenses and respond swiftly to the everchanging cybersecurity landscape [36][37][38].
3.1.4Security Orchestration, Automation, and Response (SOAR).SOAR represents a comprehensive and strategic approach to managing and responding to security incidents, and it shows a crucial character in the context of Gen V Multi-Vector Attacks.SOAR platforms integrate a combination of orchestration and automation tools with incident response capabilities, aiming to streamline and enhance the efficiency of cybersecurity operations [39,40].Orchestration involves coordinating and managing complex workflows across various security tools and systems, ensuring a synchronized response to security incidents.Automation, on the other hand, focuses on executing predefined and repetitive tasks without manual intervention, enabling rapid and consistent responses to threats.The integration of these elements into a unified platform empowers security teams to respond proactively to incidents, reducing response times and minimizing the potential impact of attacks.In the face of Gen V Multi-Vector Attacks, which often involve coordinated and multifaceted strategies, SOAR not only accelerates incident response but also allows security professionals to focus on high-value tasks, leveraging their expertise to make strategic decisions.The ability to automate repetitive tasks, integrate diverse security tools, and orchestrate responses positions SOAR as a vital component in the cybersecurity arsenal, ensuring organizations are well-equipped to navigate the evolving threat landscape.

Endpoint Detection and Response (EDR).
EDR constitutes a pivotal component in the contemporary cybersecurity arsenal, particularly in the aspect of growing cyber threats.EDR focuses on safeguarding the endpoints of a network, such as individual devices and user terminals, acknowledging them as potential entry points for cyber attacks.Contrasting traditional antivirus solutions that primarily rely on signature-based detection, EDR employs advanced behavioral analysis and continuous monitoring to identify anomalous activities indicative of potential threats.By scrutinizing endpoint activities in real-time, EDR solutions can swiftly detect and respond to suspicious behavior, minimizing the dwell time of threats within a network.These solutions often incorporate threat intelligence feeds, leveraging up-todate information about emerging threats to enhance detection capabilities.Moreover, EDR systems typically include response functionalities, allowing security teams to take immediate action against detected threats, isolate compromised endpoints, and remediate security incidents.In the context of Gen V Multi-Vector Attacks, where sophisticated and multi-faceted strategies are commonplace, EDR plays a crucial role in fortifying the perimeters of cybersecurity defenses, providing organizations with a proactive and responsive approach to endpoint security [41][42][43].
The evaluation of modern intrusion detection methods in the face of Gen V Multi-Vector Attacks is a complex and critical undertaking, requiring a nuanced and comprehensive approach.In this research, a methodology based on Fuzzy Analytic Hierarchy Process (Fuzzy AHP) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) is employed to provide a robust evaluation framework.This methodology, strategically addresses the multifaceted nature of intrusion detection in the contemporary cybersecurity landscape.Key factors for evaluation, namely Detection Accuracy (M1), Adaptability and Scalability (M2), Resource Impact (M3), and Response Time and Automation (M4), are meticulously considered.Detection Accuracy reflects the system's ability to accurately identify and differentiate between normal and malicious activities.Adaptability and Scalability assess the method's flexibility and scalability to accommodate evolving attack techniques and increased network complexities.Resource Impact scrutinizes the efficiency of intrusion detection without unduly burdening system resources.Lastly, Response Time and Automation evaluates the system's capability to automate and expedite responses to detected threats.The Fuzzy AHP-TOPSIS methodology, with its incorporation of fuzzy logic, ensures a more realistic and adaptable evaluation, contributing valuable insights to fortify cybersecurity defenses against the sophisticated challenges posed by Gen V Multi-Vector Attacks.Fig 2 shows the hierarchical structure employed for the evaluation process.It showcases the organized layers used to systematically assess the intrusion detection methods.Table 2 illustrates the factors, sub-factors, and their descriptions essential for the evaluation process.It provides a comprehensive overview of the criteria considered in the assessment of intrusion detection methods.

Methodology combining fuzzy AHP and TOPSIS
Problems encountered in decision-making often stem from an overreliance on analogical reasoning and predictive models that are heuristic algorithms or guiding principles.While these strategies aid decision-makers by reducing cognitive strain, they may introduce errors.The Analytic Hierarchy Process (AHP), although useful, cannot fully address the inherent uncertainties in decision-makers' responses to genuine statistical information in the indistinct real world.Recognizing this, researchers have integrated fuzzy theory with AHP to tackle ambiguous real-world problems.Despite this improvement, fuzzy AHP has its limitations.To overcome these deficiencies, a combined AHP and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) fuzzy method is proposed for the effective evaluation of options [44].
The Fuzzy AHP-TOPSIS technique involves two main steps:

Fuzzy Analytic Hierarchy Process (Fuzzy AHP).
The Fuzzy Analytic Hierarchy Process (Fuzzy AHP) is a decision-making methodology that extends the traditional Analytic Hierarchy Process (AHP) to handle uncertainties and imprecise information inherent in real-world problems.AHP, developed by Thomas Saaty, is a structured technique for dealing with complex decision scenarios involving multiple criteria and alternatives.Fuzzy AHP introduces the concept of fuzzy sets to accommodate vague and subjective judgments, making it well-suited for situations where decision-makers may express preferences in linguistic terms [45,46].

Problem Decomposition:
� The decision problem is decomposed into a hierarchical structure with a goal at the top, criteria at the intermediate level, and alternatives at the bottom.
� Each level of the hierarchy represents a different aspect of the decision problem.

Pairwise Comparisons:
� Decision-makers perform pairwise comparisons between criteria and alternatives, expressing their preferences in terms of linguistic variables such as "equal importance," "slightly more important," or "much more important."The percentage of actual malicious activities that go undetected by the intrusion detection system, resulting in a failure to raise an alert.A low false negative rate is essential for ensuring that the intrusion detection system effectively identifies and alerts on all relevant security incidents.Minimizing false negatives is critical to prevent undetected breaches.

Dynamic Threat Modeling (M13)
The ability of the intrusion detection system to adapt and recognize new and evolving threat patterns or attack techniques.In the context of Gen V Multi-Vector Attacks, where adversaries continually develop sophisticated tactics, techniques, and procedures (TTPs), dynamic threat modeling ensures that the detection system remains effective over time.The system should be capable of learning and adapting to emerging threats without requiring constant manual updates.

Adaptability and Scalability
Threat Intelligence Integration (M21) The capability of the intrusion detection technique to integrate and effectively utilize up-to-date threat intelligence feeds.Integration with threat intelligence sources ensures that the system remains informed about the latest attack vectors, tactics, and indicators of compromise (IOCs).The ability to dynamically incorporate new threat intelligence enhances the technique's adaptability to emerging Gen V Multi-Vector Attacks.

ML Model Updates (M22)
The ease with which machine learning models within the intrusion detection system can be updated and retrained to recognize new patterns and behaviors.Given the dynamic nature of modern cyber threats, the intrusion detection technique should have mechanisms in place for regular updates to machine learning models.This ensures that the system can adapt to evolving attack techniques and maintain high detection accuracy.

Cloud Environments Support (M23)
The ability of the intrusion detection technique to adapt to and provide effective security in cloud-based environments.As organizations increasingly migrate to cloud platforms, the intrusion detection system must be capable of monitoring and securing cloud-based resources.The technique's adaptability to different cloud architectures and services is crucial for comprehensive coverage in modern IT infrastructures.

Scalability (M24)
The capacity of the intrusion detection system to scale efficiently as the number of network endpoints (devices, servers, etc.) increases.Scalability is vital for organizations with expanding network infrastructures.The intrusion detection technique should be able to handle a growing number of endpoints without sacrificing performance.This ensures that the security solution remains effective as the organization evolves and expands.

Resource Impact CPU Utilization (M31)
The percentage of central processing unit (CPU) resources consumed by the intrusion detection technique during normal operation.Excessive CPU usage can impact the performance of critical systems and applications.Low CPU utilization is desirable to ensure that the intrusion detection technique operates effectively without introducing significant overhead.
Memory Usage (M32) The amount of system memory (RAM) consumed by the intrusion detection technique while running.Memory-efficient intrusion detection techniques are crucial for preventing resource exhaustion, particularly on devices with limited RAM.Low memory usage contributes to system stability and allows for the effective operation of other applications and services.

Network Latency (M33)
The delay introduced by the intrusion detection technique in processing and analyzing network traffic.Minimal network latency is crucial to avoid disruptions in real-time communication and application performance.Effective intrusion detection should not introduce significant delays in the processing of network traffic, ensuring a seamless user experience and timely response to security incidents.

Response Time and Automation
Incident Detection Time (M41) The time it takes for the intrusion detection system to detect and alert on a security incident from the moment the incident occurs.A shorter detection time is critical for identifying and mitigating security threats promptly.It minimizes the window of opportunity for attackers to carry out their malicious activities, reducing the potential impact on the organization.

Incident Response Time (M42)
The time it takes for the organization's security team to respond and take appropriate actions after receiving an alert or detection from the intrusion detection system.Rapid incident response is essential for containing and neutralizing threats before they escalate.A streamlined and efficient response process ensures that security teams can address incidents in a timely manner, reducing the overall impact on the organization.

Automation of Response Actions (M43)
The extent to which the intrusion detection system can automate predefined response actions without requiring manual intervention.Automation is crucial for responding to security incidents at the speed and scale required in modern cybersecurity.The ability to automatically execute response actions, such as isolating compromised systems or blocking malicious traffic, enhances the organization's ability to counter Gen V Multi-Vector Attacks in real-time. https://doi.org/10.1371/journal.pone.0302559.t002 � The relative importance of each element is captured through a pairwise comparison matrix.

Fuzzy Numbers and Linguistic Variables:
� Fuzzy numbers are introduced to represent the imprecision in judgments.Triangular fuzzy numbers (TFN) are commonly used, defined by three values: a lower bound, a modal value, and an upper bound.
� Linguistic variables, such as "equal importance," are quantified using fuzzy numbers to incorporate the uncertainty in decision-makers' preferences.

Consistency Checking:
� A consistency check is performed to ensure the reliability of the pairwise comparisons.
Inconsistencies may arise when decision-makers provide conflicting judgments.
� If inconsistencies are detected, decision-makers may need to revisit and adjust their judgments.

Aggregation and Weight Calculation:
� The fuzzy pairwise comparison matrices are aggregated to derive a global fuzzy comparison matrix for each level of the hierarchy.
� Fuzzy eigenvalues and eigenvectors are computed to determine the fuzzy weights of criteria and alternatives.

Fuzzy Synthesis:
� Fuzzy synthesis involves combining the fuzzy weights of criteria and alternatives to obtain an overall ranking or score for each alternative.
� This step considers the fuzzy relationships between elements and provides a comprehensive evaluation that considers both the relative importance and the degree of fuzziness in decision-makers' judgments.
Fuzzy AHP allows decision-makers to incorporate subjective and imprecise information in a systematic manner, providing a more realistic representation of complex decision problems.It is particularly valuable in domains where uncertainties and qualitative factors play a significant role, such as evaluating intrusion detection methods in the dynamic landscape of Gen V Multi-Vector Attacks.

Fuzzy Technique for Order of Preference by Similarity to Ideal Solution (Fuzzy TOPSIS). The Fuzzy TOPSIS is a decision-making technique that extends the classical TOP-SIS method to handle uncertainty and vagueness in decision problems. TOPSIS, developed by
Hwang and Yoon, is a multi-criteria decision analysis method used for ranking alternatives based on their proximity to an ideal solution and their remoteness from a negative-ideal solution.Fuzzy TOPSIS introduces the concept of fuzzy numbers to represent imprecise information and preferences, making it suitable for decision-making scenarios where crisp numerical values may not adequately capture the inherent uncertainties [47,48].

Normalization:
� For each criterion, the performance values of alternatives are normalized to transform them into dimensionless values between 0 and 1.This step ensures that criteria with different measurement units are on a comparable scale.

Fuzzy Decision Matrix:
� Fuzzy numbers are used to represent the performance ratings of alternatives for each criterion.These fuzzy numbers capture the imprecision and uncertainty associated with the evaluations.

Fuzzy Positive-Ideal Solution (PIS) and Negative-Ideal Solution (NIS):
� The fuzzy positive-ideal solution represents the best possible performance for each criterion, while the fuzzy negative-ideal solution represents the worst performance.
� Fuzzy distances between each alternative and the PIS and NIS are calculated.

Similarity Measures:
� The similarity of each alternative to the PIS and NIS is assessed using similarity measures, typically based on fuzzy distance metrics.
� The relative proximity of an alternative to the PIS and remoteness from the NIS are crucial in determining its rank.

Relative Closeness to Ideal Solution:
� The relative closeness of each alternative to the ideal solution is calculated.This involves considering both the proximity to the PIS and the remoteness from the NIS.
� The alternatives are ranked based on their relative closeness values.

Sensitivity Analysis:
� Sensitivity analysis may be performed to assess the robustness of the rankings to variations in the fuzzy numbers and criteria weights.
� This step helps decision-makers understand the stability of the ranking results.
Fuzzy TOPSIS provides a systematic approach for handling uncertainties and linguistic preferences in decision-making.By incorporating fuzzy numbers, it accommodates the imprecision inherent in human judgments and allows for a more realistic representation of complex decision problems.In the context of evaluating intrusion detection methods against Gen V Multi-Vector Attacks, Fuzzy TOPSIS offers a comprehensive and adaptable methodology for ranking alternatives based on multiple criteria, considering both the positive and negative aspects of each alternative's performance.

Results
The results section of this research study unveils the outcomes of the meticulously crafted evaluation framework, combining the Fuzzy Analytic Hierarchy Process (Fuzzy AHP) and the Fuzzy Technique for Order of Preference by Similarity to Ideal Solution (Fuzzy TOPSIS), in assessing modern intrusion detection methods amidst the complex landscape of Gen V Multi-Vector Attacks.Through a hierarchical model developed in collaboration with cybersecurity experts, the study delves into the comprehensive analysis of critical criteria and sub-criteria, including detection accuracy, adaptability, scalability, resource impact, response time, and automation.The outcomes presented herein encapsulate the nuanced performances of alternative intrusion detection methods, shedding light on their relative strengths and weaknesses.This section unfolds the empirical evidence gleaned from the fuzzy evaluation, providing valuable insights that contribute to the ongoing discourse on fortifying cybersecurity defenses against the evolving threats posed by Gen V Multi-Vector Attacks.Tables 3-17 provide various matrices and summaries crucial for the evaluation process.They include consolidated fuzzy pairwise comparison matrices for different levels and factors, integrated matrices, aggregated matrices, summarizing outcomes, evaluator's subjective cognitive results, standardized fuzzy decision matrices, weighted standardized fuzzy decision matrices, and proximity coefficients to the desired level among alternatives.These tables play a vital role in organizing and presenting the data essential for the research study on evaluating modern intrusion detection methods.Fig 4 illustrates the degree of satisfaction for each criterion considered in the evaluation process.The values depict the level of fulfillment achieved for each criterion across all alternatives.
The findings of this research study, as reflected in the satisfaction degrees and ranking of the evaluated alternatives, reveal valuable insights into the effectiveness of different intrusion detection techniques against Gen V Multi-Vector Attacks.Behavioral Analysis and Anomaly Detection (D2) emerges as the most promising alternative with the highest satisfaction degree (0.6796) and securing the top rank.This result underscores the significance of leveraging advanced behavioral analysis and anomaly detection in the face of complex cyber threats.Following closely, Endpoint Detection and Response (D5) secures the second rank with a satisfaction degree of 0.4772, reinforcing its effectiveness in fortifying endpoint security against sophisticated attacks.Deception Technology (D1), Threat Intelligence Integration (D3), and Security Orchestration, Automation, and Response (SOAR) (D4) follow suit, each contributing unique strengths to the intrusion detection landscape.These findings provide a nuanced understanding of the comparative effectiveness of the evaluated alternatives, facilitating informed decision-making for organizations seeking robust defenses against the challenges posed by Gen V Multi-Vector Attacks.Table 18 and Fig   from classical and fuzzy AHP-TOPSIS approaches, shedding light on the differences in evaluation results between the two methodologies.It provides a comparative analysis essential for understanding the effectiveness and advantages of employing fuzzy techniques in the intrusion detection evaluation process.
Table 19 provides statistical insights generated from sensitivity analysis, which are useful for determining the resilience and stability of the review process.It shows variations in  elements that have a substantial impact on decision-making, allowing for a more comprehensive evaluation of intrusion detection technologies.

Discussion
The discussion section of this research paper delves into the key findings and implications derived from the evaluation of modern intrusion detection methods in the context of Gen V Multi-Vector Attacks using the Fuzzy AHP-TOPSIS methodology.The study's primary focus was to assess and compare five contemporary intrusion detection techniques: Deception Technology, Behavioral Analysis and Anomaly Detection, Threat Intelligence Integration, Security Orchestration, Automation, and Response (SOAR), and Endpoint Detection and Response (EDR).
The results of the evaluation, as depicted in the meta-analysis table, provide a comprehensive overview of the satisfaction degree of each intrusion detection technique.Behavioral Analysis and Anomaly Detection emerged as the top-performing technique, attaining the highest satisfaction degree and securing the first rank [49,50].This finding is noteworthy, underscoring the efficacy of behavior-based approaches in identifying and mitigating complex multivector attacks characteristic of Gen V threats.Deception Technology, on the other hand, obtained the lowest satisfaction degree, ranking fifth among the evaluated techniques.The discussion will explore the nuances contributing to these variations and offer insights into the strengths and weaknesses of each technique.The effectiveness of intrusion detection techniques is contingent on various factors, including their detection accuracy, adaptability, scalability, resource impact, and response time automation.The discussion will delve into how each technique performed concerning these factors, dissecting the nuances of detection accuracy in understanding and thwarting multivector attacks.The adaptability and scalability of the techniques will be assessed in the context of evolving cyber threats, emphasizing the importance of flexible solutions capable of accommodating dynamic attack landscapes.Additionally, the impact on system resources and the time taken for automated responses will be scrutinized, considering their critical role in minimizing downtime and ensuring swift mitigation.
The research questions posed at the outset of the study sought to evaluate and rank the intrusion detection techniques based on their capabilities in mitigating Gen V Multi-Vector  Attacks.The discussion will systematically address each research question, drawing insights from the evaluation results.This includes a comparative analysis of the techniques' strengths and weaknesses, providing a nuanced understanding of their practical applicability in realworld scenarios.Several challenges emerged throughout the research process, requiring careful assessment and mitigation techniques.One key problem was gathering complete and reliable data for assessing modern intrusion detection technologies.To address this issue, we used a variety of sources, including academic literature, industry reports, as well as real-world case studies, to collect varied perspectives and assure the strength of our research.Furthermore, guaranteeing the uniformity and correctness of the rating criteria was a hurdle.To address this, we held lengthy conversations across research team members and consulted specialists in the field to fine-tune and validate the evaluation methodology.Moreover, the use of fuzzy AHP-TOPSIS approach complicated data aggregation and analysis, necessitating specialised knowledge in decision-making theory and fuzzy logic.To address this issue, we worked with specialists in these fields and followed extensive validation procedures to assure the accuracy of our results.Ultimately, while these issues arose during the study process, proactive approaches and collaborative efforts allowed us to effectively handle them while ensuring the validity and integrity of our research findings.
Acknowledging the limitations of the study is crucial for a comprehensive discussion.The discussion section will delineate any constraints or restrictions in the methodology or data sources used.Furthermore, it will suggest potential avenues for future research, identifying areas where further investigation could enhance our understanding of intrusion detection mechanisms in the context of rapidly evolving cyber threats.In summary, the discussion section will provide a thorough analysis of the evaluation results, offering insights into the performance of modern intrusion detection techniques and their applicability in mitigating Gen V Multi-Vector Attacks.It will synthesize the findings to address the research questions, contribute to the existing body of knowledge, and guide future research in this critical domain.

Conclusion
In conclusion, this research endeavors to contribute to the ongoing discourse surrounding intrusion detection in the era of Gen V Multi-Vector Attacks.The evaluation of modern intrusion detection techniques using the Fuzzy AHP-TOPSIS methodology has provided valuable insights into their effectiveness and applicability in addressing the complexities of contemporary cyber threats.The discussion of findings revealed the varying degrees of success among the evaluated techniques, with Behavioral Analysis and Anomaly Detection emerging as the most promising approach, showcasing its adeptness in identifying and mitigating sophisticated multi-vector attacks.The comparative analysis of detection accuracy, adaptability, scalability, resource impact, and response time automation shed light on the nuanced strengths and weaknesses inherent in each intrusion detection technique.The dynamic nature of cyber threats necessitates adaptive and scalable solutions capable of minimizing resource impact while ensuring swift and automated responses.Behavioral Analysis and Anomaly Detection excelled in these aspects, positioning it as a front-runner in the face of evolving attack landscapes.
This research, employing the Fuzzy AHP-TOPSIS methodology, introduces a systematic and comprehensive approach to evaluating intrusion detection techniques.By incorporating fuzzy logic into the decision-making process, the study addresses the inherent uncertainties associated with cyber threats, providing a more realistic and nuanced assessment.The methodology's application contributes to the refinement of intrusion detection mechanisms, aligning them with the intricacies of Gen V Multi-Vector Attacks.However, it is essential to acknowledge the study's limitations, such as the scope of evaluated techniques and the specific context in which the assessment was conducted.Future research endeavors could explore a broader range of intrusion detection methods and consider diverse cyber threat scenarios to enhance the generalizability of findings.
In essence, this research underscores the importance of continually evolving intrusion detection strategies to counteract the relentless advancements in cyber threats.As the cyber landscape continues to morph, the insights gleaned from this study can inform the development and implementation of more robust, adaptive, and effective intrusion detection systems, contributing to the ongoing efforts to secure digital ecosystems against sophisticated Gen V Multi-Vector Attacks.

Table 2 . Factors, sub-factors, and descriptions for evaluation of intrusion detection methods.
The percentage of alerts or detections that are incorrectly identified as malicious when, in fact, they are legitimate or benign activities.A low false positive rate is crucial to prevent alert fatigue among security teams.It ensures that security personnel can focus on genuine threats rather than spending time investigating false alarms.